April 20, 2021

Cyber Forensicator


How To

Computer Forensics: Fragmented Files Recovery Based on XFS File System

With the continuous development of data recovery and digital forensics technology, techniques for forensic data recovery from the logic layer of hard drives are constantly improving. Yet there remains a great challenge: how to recover fragmented files? Through a case study of fragmented files in the XFS file system, forensic experts from SalvationDATA will explain in this issue how to recover fragmented files …

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

In this post, Jessica Payne writes about how to use the built-in Windows Event Forwarding components of Windows, some PowerShell scripts, and PowerBI desktop to create a fast, free, and effective console for diagnosing problems and finding Indicators of Attack in a network.

Unofficial Guide to Mimikatz & Command Reference

Mimikatz is a common tool used by APT in modern cyber attacks to harvest admins’ and users’ login credentials. It’s very important for any analyst investigating such attacks to clearly understand how it works and what traces he or she might find. Here is the unofficial guide to Mimikatz and command reference by Sean Metcalf.

Mounting APFS and 4k Disk Images on macOS 10.13

Sarah Edwards has written an amazing blog post at mac4n6, which will help you to mount APFS and 4k disk images on macOS 10.13, both RAW and EWF, using xmount. If you are dealing with macOS forensics, this is a must read!

How to Remove the Backup Password in iOS 11

Cindy Murphy from Gillware has published a very interesting post on how to reset the backup password in iOS 11. Here is an excerpt from it: “Apple’s help page about encrypted backups got an update when iOS 11 came out. They give the following advice for people who have forgotten their backup password: You can’t restore an encrypted backup without its password. With iOS …

How to Intercept IP Connections in a Malware Analysis Lab

SANS Institute has presented a short tutorial with Lenny Zeltser on how to intercept IP connections in a malware analysis lab.

Amcache and USB Device Tracking

Jason Hale has published an interesting post on how to use the amcache to track USB devices. You can find device serial numbers, descriptions (e.g. FriendlyName-like values), volume names, VID/PID data, and more.

Finding and Decoding Malicious PowerShell Scripts

Mari DeGrazia has published a very useful post that will help you learn how to find and decode malicious PowerShell scripts. You will learn which events to check, how to detect PowerShell, and how to decode scripts. According to Mari, it’s only the first part; she will keep writing and teach us how to detect malicious PowerShell scripts in the registry (part 2) …

SUMURI’s Free Mac Forensics Guide

SUMURI presented a free step-by-step Mac forensics guide. You will learn how to obtain the system date and time, image a data source, mount the acquired image, use indexing for keyword searches, and report on your findings. The guide consists of 25 steps and can be downloaded here.

Forensicating Messaging in iOS 11

Heather Mahalik, the author of Practical Mobile Forensics and SANS FOR585, has written a post about forensicating iOS 11 iMessages and SMS. The first thing to note is that common mobile forensic tools do not parse these messages correctly, at least sometimes, especially timestamps, so the best way is to parse the sms.db contents manually. The thing is – you can see …

About Us

Cyber Forensicator is a web project by Igor Mikhaylov and Oleg Skulkin that aims to collect all the most interesting and important cyber and digital forensics news, articles, presentations, and so on, in one place.

CyberForensicator.com © Copyright 2016-2021, All Rights Reserved
